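// Content-Security-Policy directives, one entry per directive. They are joined
// with '; ' so the header value carries no source indentation; the previous
// backslash-continued string literal leaked its leading spaces into the value
// and would stop parsing if whitespace ever followed a trailing backslash.
//
// NOTE(review): the directive values are kept exactly as they were, and the
// policy is permissive:
//   - `default-src *` lets every fetch type without its own directive
//     (connect, frame, media, object, ...) load from any network origin.
//   - `script-src` includes 'unsafe-inline' and 'unsafe-eval', so this policy
//     does not stop injected inline script or string-to-code evaluation; a
//     nonce- or hash-based script-src would be needed for that.
//   - the wildcard hosts trust every subdomain of the listed third parties.
//   - there is no `frame-ancestors`, `object-src` or `base-uri` directive;
//     framing is restricted only by X-Frame-Options.
// Tightening any of these can break pages that depend on them, so do it
// deliberately (e.g. via Content-Security-Policy-Report-Only first).
const CSP_DIRECTIVES = Object.freeze([
  'default-src *',
  "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
  "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.baidu.com https://*.bdstatic.com",
  'img-src * data:',
  'worker-src * blob:',
  "font-src 'self' https://fonts.gstatic.com data:",
]);

const CSP_HEADER_VALUE = CSP_DIRECTIVES.join('; ');

/**
 * Connect-style middleware that sets a fixed set of security response headers
 * on every response and then hands control to the next handler.
 *
 * @param {object} req - Incoming request (not read by this middleware).
 * @param {object} res - Response object; only `res.setHeader(name, value)` is used.
 * @param {Function} next - Called once, with no arguments, after the headers are set.
 * @returns {void}
 */
export default function securityHeaders(req, res, next) {
  // Only same-origin pages may frame this site (clickjacking defence).
  res.setHeader('X-Frame-Options', 'SAMEORIGIN');

  // Send only the origin (no path or query) as the referrer.
  // NOTE(review): 'origin' is also sent on HTTPS -> HTTP navigations;
  // 'strict-origin' would withhold it there. Confirm which is intended.
  res.setHeader('Referrer-Policy', 'origin');

  // NOTE(review): X-XSS-Protection is a legacy header; current Chromium and
  // Firefox have no XSS auditor, so it is not a substitute for output
  // encoding or a strict CSP. Kept unchanged for older clients.
  res.setHeader('X-XSS-Protection', '1; mode=block');

  // Stop browsers from MIME-sniffing a response away from its declared type.
  res.setHeader('X-Content-Type-Options', 'nosniff');

  res.setHeader('Content-Security-Policy', CSP_HEADER_VALUE);

  // Legacy Internet Explorer header: downloads are saved rather than opened
  // in the context of the site.
  res.setHeader('X-Download-Options', 'noopen');

  // Adobe cross-domain policy handling: only the master policy file applies.
  res.setHeader('X-Permitted-Cross-Domain-Policies', 'master-only');

  next();
}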
  